A few months ago, I was in a chemical plant, which had called in my firm to help with risk management. One of the process engineers proudly told me he could change process operations from his home computer. He explained that he could use the Internet to tap into the computer that was controlling the chemical process and change settings like the temperature at which the reactor would operate. Of course, if this employee could get into the computer from the Internet, it is also possible that a terrorist or saboteur could do so-perhaps to change the processing temperature to produce a runaway reaction. Computer access is just one example of the security exposures that process plants currently face.
Process plants--which include chemical plants, oil refineries, and other companies that handle hazardous chemicals such as ammonia and chlorine in large quantities--represent prime potential terrorist targets because of the damage that could be done if the harmful substances they handle were released into the environment. But even a year after the September 11 attacks, many such facilities are just beginning to implement solutions to their security problems.
Part of the reason for the delay has been the lack of specific guidance. Presently, governments, trade associations, and technical societies in the process industries are developing programs and methods for improving the security of hazardous chemicals. Some general documents have been issued. For example, the American Chemistry Council (ACC) published "Site Security Guidelines for the U.S. Chemical Industry" in October 2001, in cooperation with the Society of Organic Chemical Manufacturers and the Chlorine Institute (see "Chemical Industry Gets Litmus Test," "News and Trends," January 2002). The ACC then mandated enhanced security for its members on January 29, 2002, following up in June with a new "Security Code" (the ACC has 6 other codes on various topics). But the code does not spell out what specific security measures should be considered or implemented. Meanwhile, legislative efforts have stalled.
One of the first questions that process plants ask me when they begin to grapple with the issue is: What have others done? Unfortunately, few have done more than beef up access controls to their plants. Few companies in the industry have put in place a complete process security program. The primary site security measures at a number of sites are a perimeter fence, locked gates, and a guard house. Given this situation, the next question managers pose is: What else should we do?
Plants cannot afford to wait for governments or associations to give them more concrete guidance. The risk of terrorism and criminal acts against process plants is clearly real. Immediate action is needed. We suggest that plants develop a program combining layers of protection, while choosing the specific level of protection that fits their facility. Such a program could be crafted using the following framework.
Layers. First, as most security professionals know, both security and safety programs typically use defense in depth to protect against threats and accidents. This is called rings of protection in security and layers of protection in safety. The defense-in-depth concept is based on the premise that multiple layers or rings of protection ensure some level of protection in the event that one or more layers or rings fail.
Generally, security protection tries to prevent access to hazardous materials while safety protection tries to prevent their release. In process safety, the term safeguards refers to measures intended to protect against accidents, while the term secureguards can be coined to describe measures that protect against threats. Some safeguards may act as secureguards and vice versa, as can be seen in the listing of these measures below. In process security management, safeguards and secureguards must be combined into a program to provide overall protection. …